Introducing Digital Footprint Risk Reporting to Help Find your Achilles Heel

External Threat Management

Introducing Digital Footprint Risk Reporting to Help Find your Achilles Heel

February 20, 2018

By Sam Curcuruto

The vast majority of organizations that talk with our teams here at RiskIQ say to us that the one thing we could do to make their lives easier is to just tell them what we know is wrong and how to fix it. Like every organization that faces security issues, our customers are overwhelmed by alerts, events, threats, tasks, and alarms. However, ultimately, we hear many folks ask the same two questions: “Did what I accomplished today actually make a difference?” and “Have I made our organization more secure?”

RiskIQ Digital Footprint Risk Reporting, our latest feature, helps security teams answer both these questions, and ensure that what they do accomplish has a meaningful impact on their organization’s security posture and exposure level.

RiskIQ Digital Footprint Risk Reporting provides management and security teams with an easy, accurate, and extensive way to measure digital risk for an enterprise, understand problems or issues within their footprint and take corrective action to reduce risk. RiskIQ dynamically uncovers and inventories known, unknown, and at risk external assets that belong to an organization, providing a comprehensive picture of an attack surface. With this understanding, RiskIQ can accurately quantify risk due to threat indicators present in your footprint and security posture and the hygiene of your digital attack surface.

- For vulnerability management teams, Risk Reporting shows a way to prioritize remediation activity and guide remediation efforts to improve their risk measurably. Risk Reporting allows security teams to drill down to inventory-asset level to see all underlying details about an asset that are contributing to risk. Risky details include things like unpatched vulnerabilities or assets with CVEs, expired SSL certificates, open ports, or insecure login forms.

- For CISOs, IT, and security leadership, Risk Reporting provides a comprehensive view of an organization’s risk posture as it exists outside the firewall. It enables teams to curate their asset list, provide details about those assets in terms of software, frameworks, and infrastructure, as well as perform crawling for underlying threats they can’t see at the surface level, such as assets that have been compromised to host malware or phishing pages. At a glance, security leadership can understand trends in their risk and security posture over time, and see tangible results from investment in digital threat management.

How Does Risk Reporting Help Security Professionals?

Digital Footprint Risk Reporting gives security teams an interactive report of up-to-date threat indicators and security posture of their digital attack surface outside the firewall. Risk Reporting brings some of the most critical security issues to light, enabling security operations and vulnerability management teams to find exposures quickly and address them. And with a numerical score, you can see the impact your efforts have made to your overall security.

Each element that makes up your Risk Score can be drilled-into, letting your teams understand specific components or assets that are a part of your Digital Footprint that need to be addressed to improve security.

What Contributes to the Risk in your Digital Footprint?

Outside the firewall, RiskIQ places risky components into two groups: threat indicators and your overall security posture.

Threat Indicators are active observations of malicious or suspicious activity related to assets in an organization's digital footprint. Threat indicators that occur and exist without remediation serve as indicators that an organization has security management visibility gaps or has not responded adequately to active exploits from their machines or services.

Security Posture is a measurement of the maturity of an organization's security program to properly identify and secure external-facing assets. It is comprised of observing and analyzing exposures against technical best practices and security policies (such as OWASP) that can mitigate risk.

Learn More

For a demo of RiskIQ Digital Footprint Risk Reporting, register for our upcoming webinar on March 13th, featuring CISO Edward Amoroso and Vamsi Gullapalli from RiskIQ. Digital Footprint Risk Reporting is available today. If you have questions or would like to schedule a custom demo for your organization, click here.

Existing RiskIQ customers who have Digital Footprint Enterprise have access to the new capabilities by getting in touch with your Technical Account Manager.

Featured Posts

External Threat Management | Labs

Bear Tracks: Infrastructure Patterns Lead to More Than 30 Active APT29 C2 Servers

RiskIQ's Team Atlas has uncovered still more infrastructure actively serving WellMess/WellMail. The timing here is notable. Only one month ago, the American and Russian he...

Joining Microsoft is the Next Stage of the RiskIQ Journey

Today Microsoft announced its intent to acquire RiskIQ, representing the next stage of our journey that's been more than a decade in the making. We couldn't be more ...

Media Land: Bulletproof Hosting Provider is a Playground for Threat Actors

Bulletproof hosting (BPH) is a collection of service offerings catering to internet-based criminal activity. These businesses often operate in a grey area, attempting to appea...

Subscribe to Our Newsletter

Subscribe to the RiskIQ newsletter to stay up-to-date on our latest content, headlines, research, events, and more.

Base Editor

Forrester Wave: External Threat Intelligence Services, Q1 2021

RiskIQ Illuminate® Internet Intelligence Platform Datasheet

Five Security Intelligence Must-Haves For Next-Gen Attack Surface Management

Threat Investigations and Response RiskIQ Solution Brief

Illuminate One-Hour On-Demand Event